Thursday, September 7, 2006

Malware Using Built-In EFS as Protection

Via Mcafee Avert Lab Blog -

Recently a trojan was seen to take advantage of EFS to protect itself and execute with administrative privileges. This malware is composed of obfuscated DLL and PE files that are thoughtfully crafted. It has two main components, a dialer component that is detected as Qdial-45 the other is a downloader/dropper component detected as Spy-Agent.bf that drops this dialer along with an EFS encrypted downloader file. McAfee has been detecting variants of this trojan since August 02, 2006, however we have observed an upsurge in infection rates in last few weeks.

No comments:

Post a Comment